Author:
Abuee Mehrizi, Zeinab
Title:
Alert classification based on attack type in intrusion detection systems
Degree level:
Master's (M.Sc.)
Institution:
Isfahan: Isfahan University of Technology, Department of Electrical and Computer Engineering
Pagination:
x, 99 p.: illustrated, tables, charts
Note:
Title page in Persian and English
Supervisor:
Rasoul Mousavi
Advisor:
Mehdi Berenjkoub
Descriptors:
Support vector machines
Indexing date:
22/4/92
Examiners:
Ali Fanian, Hashemi
Department:
Electrical and Computer Engineering
Persian abstract:
In Persian and English: available in the digital version
English abstract:
Alert classification based on attack type in Intrusion Detection Systems
Zeinab Abuee Mehrizi, z.abuee@ec.iut.ac.ir
Date of Submission: 2013-01-14
Department of Electrical and Computer Engineering, Isfahan University of Technology, Isfahan 84156-83111, Iran
Degree: M.Sc.
Language: Farsi
Supervisor: Seyyed Rasoul Mousavi, srm@cc.iut.ac.ir

Abstract: With the expansion of computer networks and of the threats posed by attacks on them, network and data security has become an essential requirement for computer systems. To provide this security, systems called Intrusion Detection Systems (IDSs) are needed; they are used to detect attacks in computer networks. Network administrators are often overwhelmed by large volumes of IDS alerts, which has motivated automatic IDS alert analysis. The goal of automatic alert analysis is to address the challenges of IDSs, including large volumes of alerts, large numbers of false positive alerts, low-level situational awareness, and alerts that are not correlated with others when attackers succeed in passing through other security systems, so that they can be detected and prevented from making further progress. IDSs face many challenges: they must be able to work with large volumes of data, attackers try to defeat security mechanisms, and new attacks are discovered every day, so after some time IDSs lose their efficiency and cannot detect unknown attacks. When intrusion detection systems detect signs of security violations they produce one or more alerts, but they usually produce too many alerts in a day, most of which are false positives. In this thesis we propose methods to divide the alerts generated by IDSs into five main classes, namely Normal, DoS, Probe, R2L and U2R. The proposed method consists of several layers, each of which detects only a particular category of attacks; in each layer an SVM is used to classify the attacks. For further efficiency, the method is updated automatically with the help of the system analyzer. The proposed method is compared to Layered CRF [15], and the results indicate that it is more accurate than Layered CRF in detecting R2L, U2R and DoS attacks. The method is also compared to newer available methods, and the results show that the proposed system has a higher detection rate for U2R and Probe attacks. This method can always detect unknown attacks because it is automatically updated, and this advantage is very important in intrusion detection systems.

Keywords: Intrusion Detection System, Alert Correlation, Support Vector Machine, Layered approach